Tuesday, 24 June 2014

In case that your are seing this message in /var/log/secure log, this means that someone 15 times tried to log in to your system with user user1! Also, user may complain that he can not connect as user1! Good thing is that in next line in secure log you have IP address of computer that tried to log in!

You are using pam.d. This is security feature for access to your system. With it you can control access to system services (like sshd) or commands(like passwd). Setting for this are located in /etc/pam.d/.

From here, we can see that pam.d module pam_tally2.so is responsible for user lockout! But from here we can also see that deny limit is 3 times and that is has been tried for 18 times to log in to system as user user1.
Read pam.d configuration for sshd!

server#cat /etc/pam.d/sshd#%PAM-1.0auth include system-authauth required pam_tally2.so deny=3 onerr=fail lock_time=60account required pam_nologin.soaccount include system-authaccount required pam_tally.sopassword include system-authsession optional pam_keyinit.so force revokesession include system-authsession required pam_loginuid.sosession required pam_limits.so
From here we can see settings for failed password entry! pam.d is using module pam_tally2.so, after one failed login you have to wail or 60 seconds to try again and after 3 failed login, user account will be lock!

From here we can see how many failures for user1 happened and when last try has happened!

SSH access for user user1 is locked and you want to unlock it.

Command for that is this

server#pam_tally2 -r -u user

In are case that isserver#pam_tally2 -r -u user1
Now, when you issue pam_tally2 command there will be no failures shown and user1 will be able to log in onto system!

Important thing to know here is that once user account is locked, these is no use of trying to log onto system! Depending on your pam.d configuration, your user account can or can not reset number of false tries! Pam.d configurations is complex and if you do know what you are doing, you can make your live much,much harder!